我正在尝试使用 Python 和 Azure SDK 为 Azure Blob 存储容器生成共享访问签名 (SAS) URL。 SAS 令牌已成功生成,但当我尝试使用它将文件上传到容器时,遇到“AuthorizationPermissionMismatch”错误。
def generate_sas_url_for_container(strg_account, credentials, container_name, permissions, validity_hours):
try:
# Create BlobServiceClient using the storage account name and credentials
blob_service_client = BlobServiceClient(account_url=f"https://{strg_account}.blob.core.windows.net/", credential=credentials)
# Define permissions for the SAS token
container_permissions = ContainerSasPermissions(read=permissions.read, create=permissions.create, list=permissions.list)
user_delegation_key = blob_service_client.get_user_delegation_key(datetime.utcnow(), datetime.utcnow() + timedelta(hours=1))
# Define expiry for the SAS token
expiry = datetime.utcnow() + timedelta(hours=validity_hours)
# Generate SAS token for the container
sas_token = generate_container_sas(
account_name=blob_service_client.account_name,
user_delegation_key=user_delegation_key,
container_name=container_name,
account_key=None,
permission=container_permissions,
expiry=expiry,
sv="2020-08-04"
)
sas_url = f"https://{blob_service_client.account_name}.blob.core.windows.net/{container_name}?{sas_token}"
return sas_url
except Exception as e:
print(f"Error generating SAS URL for container: {e}")
return None
这是我在尝试使用生成的 SAS URL 上传文件时遇到的错误消息:
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:a6cfe60c-501e-0095-40bf-a00
Time:2024-05-14T05:26:24.9759212Z</Message></Error>
encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission. RequestId:a6cfe60c-501e-0095-40bf-a00 Time:2024-05-14T05:26:24.9759212Z</Message></Error> ```
当您没有适当的权限将文件上传到 Azure Blob 存储时,会出现上述错误。
您可以使用下面的代码,使用生成的 sas url 将文件上传到具有正确权限的 Azure Blob 存储。
更正代码:
from datetime import datetime, timedelta
from azure.storage.blob import BlobServiceClient, BlobClient, generate_container_sas, ContainerSasPermissions
from azure.identity import DefaultAzureCredential
def generate_sas_url_for_container(strg_account, credentials, container_name, permissions, validity_hours):
try:
blob_service_client = BlobServiceClient(account_url=f"https://{strg_account}.blob.core.windows.net/", credential=credentials)
user_delegation_key = blob_service_client.get_user_delegation_key(datetime.utcnow(), datetime.utcnow() + timedelta(hours=1))
expiry = datetime.utcnow() + timedelta(hours=validity_hours)
sas_token = generate_container_sas(
account_name=blob_service_client.account_name,
user_delegation_key=user_delegation_key,
container_name=container_name,
permission=permissions,
expiry=expiry,
protocol="https"
)
sas_url = f"https://{blob_service_client.account_name}.blob.core.windows.net/{container_name}/{blob_name}?{sas_token}"
return sas_url
except Exception as e:
print(f"Error generating SAS URL for container: {e}")
return None
def upload_file_to_container_with_sas_url(sas_url_with_blob_name, file_path):
try:
blob_client = BlobClient.from_blob_url(sas_url_with_blob_name)
with open(file_path, "rb") as data:
blob_client.upload_blob(data)
return True
except Exception as e:
print(f"Error uploading file to container: {e}")
return False
strg_account = "venkat123"
container_name = "test"
file_path = r"C:\Users\v-vsettu\Downloads\important.png"
blob_name = "sample.png"
permissions = ContainerSasPermissions(read=True, write=True, delete=True, list=True)
validity_hours = 1
credentials = DefaultAzureCredential()
sas_url_with_blob_name = generate_sas_url_for_container(strg_account, credentials, container_name, permissions, validity_hours)
upload_file_to_container_with_sas_url(sas_url_with_blob_name, file_path)
执行上述代码并使用
sas url
上传文件。
输出: